Or “poisoning” supply chain data so that the wrong stuff goes to the wrong stores, not to mention the potential dangers to energy supplies if production forecasts are tampered with.

Circle of trust

Many of the decisions we make in business and government are based on data that we assume is accurate. So if you undermine the authenticity of that data – and our trust in it – you can potentially bring an economy to its knees, experts warn.

Businesses are vulnerable to this type of cyber sabotage because they inherently trust the data and documents they produce, says Abe Smith of Dealflo, a company that helps financial firms automate transactions.

“There’s about $15 trillion [£12tn] of financial agreements processed every year and most of them are manual in one sense or other,” says Mr Smith.

Automation helped to cut costs involved with those financial agreements and to weed out mistakes, but these changes only reinforced reliance on digital information.

And anything digital can be tampered with.

Documents that teams have been collaborating on are vulnerable to attackers that can change the core text, alter numbers, or re-write terms and conditions to one party’s benefit, says John Safa of Pushfor, a company that makes secure ways for firms to share data and other content.

“At the end of the day it can be edited and it can be changed,” he says. “The problem then is if it is a legal contract without enough back-up, then it could be represented as something factual.”

Image copyrightEyewire

Image caption
Many documents still require a “wet ink” signature to seal a deal

It is still all too easy to drill down into a document’s metadata and change its basic properties that, if examined, lend weight to the fiction of it being authentic.

“Whatever emerges at the other end of a workflow system people will accept,” he says. “The document preserves the memory and we believe what it says all the time.

“Trust in all of this process is critical,” he says. “If that trust is lost then the entire process breaks down.”

Locked down

But there are technical ways to lock down data and documents to thwart the efforts of stealthy attackers to read or change them.

Many firms now use Digital Rights Management (DRM) systems to police who can do what to reports, files and other documents floating around their organisations, says Stuart Barr, chief strategy officer at workflow system firm HighQ.

DRM has been used to stop pirates stealing copies of copyright movies and video games, he says, but is now regularly applied to documents. It restricts editing to a select few and resists other attempts to make changes.

Image copyrightThinkstock

Image caption
Some firms use digital padlocks to restrict who can edit key documents and data

Mr Barr says firms using DRM have to strike a balance between putting good protections around valuable documents, and not making them so onerous that people avoid them.

“You would be surprised how many people let documents run around in the wild without any protection,” he tells the BBC, adding that a lot of organisations are “porous”, letting key files flow back and forth with few checks on what has happened to them in the meantime.

Some firms seek to filter this flow using specialist cloud-based services, but, says Mr Barr, work has to be done to ensure that this innovation does not introduce more risk.

“If they have files that are stored in any reputable cloud they should be encrypted at rest and in transit,” he says.

Scrambling data, allied to techniques that generate unique identifiers for important files, could go a long way towards preventing attacks on data integrity, he says.

“There’s a growing awareness that this is an issue that has to be taken seriously.”

Error correction

Cloud-based management systems that use encryption to protect important documents are still very new in the legal world, says Susan Hall, a partner at law firm Clarke Willmott.

A lot of law firms still rely on Redline editing, she says, which uses the edit tracking systems built in to Microsoft Word.

Image caption
Many law firms still rely on older technology to manage edits and merge changes

This allows edits to be made and marked on versions of contracts and other documents as negotiations or talks progress, she says.

“Often you have junior staff go through the final version to make sure nothing has crept in inadvertently or has otherwise changed before the signature,” she says.

“But in a lot of these situations you are operating under extreme pressure and there’s a high risk that people won’t pick up that something should have been included but wasn’t.”

In highly complex business contracts, a surreptitiously included clause could end up losing your business millions.

So it’s not just cyber theft we need to worry about, it’s data integrity.